Total
1368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10312 | 1 Jenkins | 1 Ansible Tower | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10323 | 1 Jfrog | 1 Artifactory | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10377 | 1 Jenkins | 1 Avatar | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. | |||||
| CVE-2019-10341 | 1 Jenkins | 1 Docker | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10342 | 1 Jenkins | 1 Docker | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10332 | 1 Jenkins | 1 Electricflow | 2020-10-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10301 | 1 Jenkins | 1 Gitlab | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10279 | 1 Jenkins | 1 Jenkins-reviewbot | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10339 | 1 Jenkins | 1 Jx Resources | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials. | |||||
| CVE-2019-10293 | 1 Jenkins | 1 Kmap | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10369 | 1 Jenkins | 1 Jclouds | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10389 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
| CVE-2019-10409 | 1 Jenkins | 1 Project Inheritance | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | |||||
| CVE-2019-10455 | 1 Jenkins | 1 Rundeck | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10457 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10445 | 1 Jenkins | 1 Google Kubernetes Engine | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | |||||
| CVE-2019-10442 | 1 Jenkins | 1 Icescrum | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10439 | 1 Jenkins | 1 Crx Content Package Deployer | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10438 | 1 Jenkins | 1 Crx Content Package Deployer | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||